Acoustic cryptanalysis

From Wikipedia, the free encyclopedia

Acoustic cryptanalysis is a side-channel attack that exploits sounds, audible or not, produced during a computation or input-output operation by computer workstations, impact printers, or electromechanical cipher machines.

History

Victor Marchetti and John Marks eventually negotiated the declassification of CIA acoustic intercepts of the sounds of cleartext printing from encryption machines.[1] Technically, this method of attack dates to the time when FFT hardware became cheap enough to perform the task, in this case the late 1960s to mid-1970s. However, such acoustic attacks were already being carried out by more primitive means in the mid-1950s.

In his book Spycatcher, former MI5 operative Peter Wright discusses use of an acoustic attack against Egyptian Hagelin cipher machines in 1956. The attack was codenamed "ENGULF".[2]

Known attacks

In 2004, Dmitri Asonov and Rakesh Agrawal of the IBM Almaden Research Center announced that computer keyboards and keypads used on telephones and automated teller machines (ATMs) are vulnerable to attacks based on differentiating the sound produced by different keys. Their attack employed a neural network to recognize the key being pressed.

By analyzing recorded sounds, they were able to recover the text of data being entered. These techniques allow an attacker using covert listening devices to obtain passwords, passphrases, personal identification numbers (PINs) and other security information.

In 2005, a group of UC Berkeley researchers performed a number of practical experiments demonstrating the validity of this kind of threat.[3]

Also in 2004, Adi Shamir and Eran Tromer demonstrated that it may be possible to conduct timing attacks against a CPU performing cryptographic operations by analysis of variations in its humming noise.[4]

Countermeasures

Generating sounds in the same spectrum and of the same form as keypresses can defeat this kind of cryptanalysis. Replaying sounds of actual keypresses may defeat such attacks entirely. It is advisable to use at least 5 different recorded variations for each keypress (36 x 5 = 180 variations) to get around the issue of FFT fingerprinting.[5]
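A defender assembling such a masking library can check that the 36 x 5 recordings really are spectrally distinct, since a duplicated clip adds no variation against FFT fingerprinting. The following Python code is an added example, not part of the original article; the synthetic clips, DFT bin choices and function names are constructed assumptions standing in for real recordings.

```python
import cmath
import math
import secrets

KEYS = "abcdefghijklmnopqrstuvwxyz0123456789"  # the 36 keys implied by 36 x 5
N = 128  # samples per clip (constructed; real clips would be loaded recordings)
TWIDDLE = [[cmath.exp(-2j * math.pi * k * t / N) for t in range(N)]
           for k in range(N // 2)]  # precomputed DFT factors, one row per bin

def synth_clip(key_idx, variant):
    """Constructed stand-in for one recording: key tone plus a variant overtone."""
    main, extra = 2 + key_idx, 40 + 4 * variant  # hypothetical DFT bin choices
    return [math.sin(2 * math.pi * main * t / N)
            + 0.5 * math.sin(2 * math.pi * extra * t / N) for t in range(N)]

def fingerprint(clip):
    """Spectral fingerprint: the DFT bins holding at least 25% of the peak magnitude."""
    mags = [abs(sum(x * w for x, w in zip(clip, row))) for row in TWIDDLE]
    peak = max(mags)
    return tuple(k for k, m in enumerate(mags) if m >= 0.25 * peak)

def build_library(variants):
    """Map (key, variant) -> clip, e.g. 36 keys x 5 variants = 180 clips."""
    return {(key, v): synth_clip(i, v)
            for i, key in enumerate(KEYS) for v in range(variants)}

def duplicate_groups(library):
    """Group clips whose fingerprints collide; such clips add no real variation."""
    seen = {}
    for name, clip in library.items():
        seen.setdefault(fingerprint(clip), []).append(name)
    return [names for names in seen.values() if len(names) > 1]

def decoy_stream(library, count):
    """Pick decoys with a CSPRNG so the replay order is not predictable."""
    names = list(library)
    return [secrets.choice(names) for _ in range(count)]

def distinct_fingerprints(library, stream):
    """How many different spectra a listener would observe in this decoy stream."""
    prints = {name: fingerprint(clip) for name, clip in library.items()}
    return len({prints[name] for name in stream})
```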

References

  1. Marchetti, Victor & Marks, John (1973), The CIA and the Craft of Intelligence
  2. Wright, Peter (1987), Spycatcher: The candid autobiography of a senior intelligence officer, Viking
  3. Yang, Sarah (14 September 2005), “Researchers recover typed text using audio recording of keystrokes”, UC Berkeley News, <http://www.berkeley.edu/news/media/releases/2005/09/14_key.shtml>
  4. Shamir, Adi & Tromer, Eran, Acoustic cryptanalysis: On nosy people and noisy machines, <http://www.wisdom.weizmann.ac.il/~tromer/acoustic/>
  5. Asonov, Dmitri & Agrawal, Rakesh (2004), Keyboard Acoustic Emanations, <http://rakesh.agrawal-family.com/papers/ssp04kba.pdf>